kdc_preauth.c (check_padata): If preauth fails because the preauth

data from the client was of an unknown type, and the principal does not require preauth, then the preauth should be disregarded. [krb5-kdc/652] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11130 dc483132-0cff-0310-8789-dd5450dbe970
author: Theodore Tso <tytso@mit.edu> 1999-01-27 05:22:07 +0000
committer: Theodore Tso <tytso@mit.edu> 1999-01-27 05:22:07 +0000
commit: be974ccede7b6d3d523784a2dac9773a3c97af1d (patch)
tree: fb1958743108efc877336979d4569dbba9db884d /src/kdc/kdc_preauth.c
parent: d52a4f7d3d43980431063c8cf9ec70c636f25586 (diff)
download: krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.tar.gz
krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.tar.xz
krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 0324694a2e..d1b1b36376 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -301,6 +301,13 @@ check_padata (context, client, request, enc_tkt_reply)
     }
     if (pa_ok)
 	return 0;
+
+    /* pa system was not found, but principal doesn't require preauth */
+    if (!pa_found &&
+        !isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) &&
+        !isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH))
+       return 0;
+
     if (!pa_found)
 	com_err("krb5kdc", retval, "no valid preauth type found");
     return KRB5KDC_ERR_PREAUTH_FAILED;
author	Theodore Tso <tytso@mit.edu>	1999-01-27 05:22:07 +0000
committer	Theodore Tso <tytso@mit.edu>	1999-01-27 05:22:07 +0000
commit	be974ccede7b6d3d523784a2dac9773a3c97af1d (patch)
tree	fb1958743108efc877336979d4569dbba9db884d /src/kdc/kdc_preauth.c
parent	d52a4f7d3d43980431063c8cf9ec70c636f25586 (diff)
download	krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.tar.gz krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.tar.xz krb5-be974ccede7b6d3d523784a2dac9773a3c97af1d.zip